# Governance, Privacy, and Policy

You are here: [AI Docs Home](index.md) > Governance, Privacy, and Policy

## Contents
- Allowed Data
- Handle With Care
- Forbidden Data
- Safe Prompt Examples
- Redaction Tips
- Compliance Expectations
- Ownership
- Next Steps

## Allowed Data
- Public information or approved internal content.
- Code that is already in approved repos.

## Handle With Care
- Customer data or identifiers.
- Security-sensitive configuration.
- Anything not explicitly approved by policy.

## Forbidden Data
- Secrets, credentials, or personal data.
- Non-approved proprietary information.

## Safe Prompt Examples
Example prompts:
```text
Summarize this public API and propose tests.
Refactor this function without changing behavior.
```

## Redaction Tips
- Remove secrets before pasting.
- Replace real identifiers with placeholders.
- Use minimal context required for the task.

### Example Redaction
Example:
```text
Before: User ID 928374 has email jane@company.com and token ABC123.
After: User ID <USER_ID> has email <EMAIL> and token <TOKEN>.
```

## Compliance Expectations
- Follow org security policies and data handling rules.
- Use AI as assistance, not authority.

## Ownership
If you are unsure about data classification, escalate before using AI.

### Example Question
Example prompt:
```text
Is it ok to share this log snippet with user IDs in Copilot?
```

## Next Steps
- For day-to-day workflows, read [Cross-Platform AI Usage](cross-platform.md).
- For cost guidance, read [Usage and Token Budgeting](usage-tokens.md).